<?php
include_once('../server/config.php');
include_once('../server/sqlControl.php');
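	// Autocomplete lookup: reads the POSTed "search" term and echoes matching
	// item IDs as a run of <li> elements. A term containing "category: " is
	// matched against category names; any other term against item IDs.
	//
	// SECURITY: the term is concatenated into a WHERE string that is handed to
	// SQLRecover(), which is defined outside this file and whose interface, as
	// called here, accepts only a raw clause. strip_tags()/stripslashes() do
	// not neutralise SQL metacharacters, so terms containing quote, backslash
	// or control bytes are refused below before any SQL text is built.
	// NOTE(review): this is a stop-gap. The durable fix is for SQLRecover() to
	// accept bound parameters so no request data ever becomes part of SQL text.
	$min = 3;          // shortest accepted term, in bytes (strlen)
	$max = 50;         // longest accepted term, in bytes (strlen)
	$choices = 10;     // NOTE(review): never read in this script; presumably a result cap - confirm
	$result = array(); // NOTE(review): never read in this script

	// A missing field or an array-valued field (search[]=x) is treated as an
	// empty term instead of being passed to strip_tags().
	$posted = (isset($_POST['search']) && is_string($_POST['search'])) ? $_POST['search'] : '';
	$search = stripslashes(strip_tags($posted));

	$length = strlen($search);

	// Bytes that could terminate or escape the double-quoted SQL literal built
	// below ('"', "'", '\'), plus ASCII control characters.
	$hasUnsafeChars = preg_match('/["\'\\\\\x00-\x1f]/', $search) === 1;

	// quick validation: as with an out-of-range length, a refused term
	// produces no output at all.
	if ($length >= $min && $length <= $max && !$hasUnsafeChars)
	{
		// Removes every occurrence of the marker, wherever it appears in the term.
		$value = str_ireplace('category: ', '', $search);

		// NOTE(review): LIKE wildcards (% and _) in the term are passed through
		// unescaped, so a caller can widen the match; the escape syntax depends
		// on the database behind SQLRecover().
		if ($value === $search)
		{
			// No marker present: search item IDs directly.
			$tables = array('inv_item');
			$fields = array('itemID');
			$whereClause = 'itemID LIKE "%'.$search.'%"';
			$emptyMessage = '<li>No Entries Found</li>';
		}
		else
		{
			// Marker present: search by category name through the item/category join.
			// 'hagwhtwgw46' replaces an empty remainder so the pattern is never
			// "%%"; presumably chosen because no category name contains it.
			$tables = array('inv_item i', 'inv_category c');
			$fields = array('i.itemID itemID');
			$whereClause = 'i.category = c.catID AND c.catName LIKE "%'.($value === '' ? 'hagwhtwgw46' : $value).'%"';
			$emptyMessage = '<li>No Records Found</li>';
		}

		$data = SQLRecover($tables, $fields, $whereClause);

		$return = '';
		if ($data['queryStatus'] != 'DB Query success!')
		{
			$return = $emptyMessage;
		}
		else
		{
			// A successful status without an itemID entry yields an empty list.
			$ids = isset($data['itemID']) ? (array) $data['itemID'] : array();
			foreach ($ids as $id)
			{
				// Stored values are data, not markup: encode them for the HTML
				// context so an item ID containing markup cannot run in the page.
				// Relies on PHP's configured default charset - confirm it matches
				// the encoding the page is served in.
				$return .= '<li>'.htmlspecialchars((string) $id, ENT_QUOTES).'</li>';
			}
		}

		echo $return;
	}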
?>